- 14 Mar, 2022 1 commit
-
-
Victor Gomes authored
The CL implements binary operations bytecodes as generic nodes that call the correspondent runtime builtin. Bug: v8:7700 Change-Id: I82c5e20e4103d4ef367184af1242bae7f7f93fe0 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3509392Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Victor Gomes <victorgomes@chromium.org> Commit-Queue: Victor Gomes <victorgomes@chromium.org> Cr-Commit-Position: refs/heads/main@{#79462}
-
- 25 Feb, 2022 1 commit
-
-
legendecas authored
Bootstrap ShadowRealm.prototype.evaluate, WrappedFunction and WrappedFunction.[[Call]]. Bug: v8:11989 Change-Id: Id380acb71cd5719e783c8f5d741cc4ccf2a93e78 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3432729Reviewed-by:
Igor Sheludko <ishell@chromium.org> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
Marja Hölttä <marja@chromium.org> Reviewed-by:
Shu-yu Guo <syg@chromium.org> Commit-Queue: Chengzhong Wu <legendecas@gmail.com> Cr-Commit-Position: refs/heads/main@{#79293}
-
- 23 Feb, 2022 1 commit
-
-
Shu-yu Guo authored
This is a reland of 1025bf26 Changes since revert: - TSAN issue fixed by https://crrev.com/c/3475084 - Skip the shared-struct-workers test until shared GC deadlock is fixed, being tracked in v8:12645 Original change's description: > [shared-struct] Prototype JS shared structs > > Unlike the Stage 1 proposal, for simplicity the prototype does not add > any new syntax, instead opting for exposing a SharedStructType > constructor which takes an array of field names. This type constructor > returns constructors for shared structs. > > Shared structs can be shared across Isolates, are fixed layout, have no > prototype, have no .constructor, and can only store primitives and > other shared structs. > > The initial prototype does not have TurboFan support. > > Bug: v8:12547 > Change-Id: I23bdd819940b42139692bcdb53d372099b0d4426 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3390643 > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Reviewed-by: Marja Hölttä <marja@chromium.org> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> > Commit-Queue: Shu-yu Guo <syg@chromium.org> > Cr-Commit-Position: refs/heads/main@{#79156} Bug: v8:12547 Change-Id: Ic1f5cf9fa9791ae2d5d5dc7c110614ca10b5d98e Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3475078Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Reviewed-by:
Dominik Inführ <dinfuehr@chromium.org> Reviewed-by:
Marja Hölttä <marja@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/main@{#79215}
-
- 18 Feb, 2022 1 commit
-
-
Michael Achenbach authored
This reverts commit 1025bf26. Reason for revert: https://crbug.com/v8/12645 Original change's description: > [shared-struct] Prototype JS shared structs > > Unlike the Stage 1 proposal, for simplicity the prototype does not add > any new syntax, instead opting for exposing a SharedStructType > constructor which takes an array of field names. This type constructor > returns constructors for shared structs. > > Shared structs can be shared across Isolates, are fixed layout, have no > prototype, have no .constructor, and can only store primitives and > other shared structs. > > The initial prototype does not have TurboFan support. > > Bug: v8:12547 > Change-Id: I23bdd819940b42139692bcdb53d372099b0d4426 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3390643 > Reviewed-by: Tobias Tebbi <tebbi@chromium.org> > Reviewed-by: Marja Hölttä <marja@chromium.org> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> > Reviewed-by: Dominik Inführ <dinfuehr@chromium.org> > Commit-Queue: Shu-yu Guo <syg@chromium.org> > Cr-Commit-Position: refs/heads/main@{#79156} Bug: v8:12547 Change-Id: I44f2b8bb7487b4d39ba1282585e0b2282501230f No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3474676 Auto-Submit: Michael Achenbach <machenbach@chromium.org> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Owners-Override: Michael Achenbach <machenbach@chromium.org> Commit-Queue: Michael Achenbach <machenbach@chromium.org> Cr-Commit-Position: refs/heads/main@{#79170}
-
- 17 Feb, 2022 1 commit
-
-
Shu-yu Guo authored
Unlike the Stage 1 proposal, for simplicity the prototype does not add any new syntax, instead opting for exposing a SharedStructType constructor which takes an array of field names. This type constructor returns constructors for shared structs. Shared structs can be shared across Isolates, are fixed layout, have no prototype, have no .constructor, and can only store primitives and other shared structs. The initial prototype does not have TurboFan support. Bug: v8:12547 Change-Id: I23bdd819940b42139692bcdb53d372099b0d4426 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3390643Reviewed-by:
Tobias Tebbi <tebbi@chromium.org> Reviewed-by:
Marja Hölttä <marja@chromium.org> Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Reviewed-by:
Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/main@{#79156}
-
- 10 Feb, 2022 1 commit
-
-
Igor Sheludko authored
This CL 1) adds relaxed version of CodeDataContainer::code_cage_base accessors and use them from relaxed CodeDataContainer::code accessors, 2) uses relaxed version of FromCodeT() in JSFunctionRef::code(). Bug: v8:11880, chromium:1293642 Change-Id: Idc9ba59a97a44a0963197cad50b5e5b440f9629e Cq-Include-Trybots: luci.v8.try:v8_linux64_tsan_rel_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3450423Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Auto-Submit: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#79030}
-
- 05 Feb, 2022 1 commit
-
-
Shu-yu Guo authored
Currently the Isolate is gotten off of the object that the operation is being performed on. Shared objects return the shared Isolate, which is incorrect as it shouldn't be used to run JS, nor does it have HandleScopes open. Plumb the executing Isolate through. Bug: v8:12547 Change-Id: I7524a956876a0ff2d362c1ad6ec3ae044445215f Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3441023Reviewed-by:
Adam Klein <adamk@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/main@{#78962}
-
- 01 Feb, 2022 1 commit
-
-
Samuel Groß authored
Previously, when accessing SandboxedPointer fields with the sandbox disabled, we would always do a ReadUnalignedValue/WriteUnalignedValue. However, that is only necessary when pointer compression is enabled. Otherwise, the field will be properly aligned. This CL also factors out the logic to determine when to use an unaligned or aligned read/write for a field into two new helper functions. Bug: chromium:1292669 Change-Id: I2c1af187c5b2699101c3fee9cc551be788d3a845 Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3429200Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Clemens Backes <clemensb@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Commit-Queue: Samuel Groß <saelo@chromium.org> Cr-Commit-Position: refs/heads/main@{#78887}
-
- 25 Jan, 2022 1 commit
-
-
legendecas authored
1. Expose all the functions to empty builtins. 2. Wire up the basic structure of ShadowRealm and internal slots. Bug: v8:11989 Change-Id: If7545fe18a74b2bd4b70a1a25776e41f03aaff89 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3195532Reviewed-by:
Shu-yu Guo <syg@chromium.org> Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Commit-Queue: Chengzhong Wu <legendecas@gmail.com> Cr-Commit-Position: refs/heads/main@{#78757}
-
- 20 Jan, 2022 1 commit
-
-
Samuel Groß authored
The external pointer table is now managed by the GC, which marks entries that are alive during major GC, then sweeps the table afterwards to free all dead entries and build a free list from them. For now, only major GCs are supported, Scavenger GCs do not interact with the external pointer table. In more detail, garbage collection of the external pointer table works as follows: 1. The external pointer table now reserves a large region of virtual address space for its backing buffer and is then never reallocated, only grown in place until the maximum size is reached. 2. When the GC's marking visitor marks a HeapObject with an external pointer as alive, it also marks the corresponding external pointer table entry as alive. This can happen on a background thread. 3. For that, it uses the MSB of each entry in the table to indicate whether the entry has been marked or not. This works because the MSB is always cleared during the AND-based type check performed when accessing an external pointer. 4. After marking, the external pointer table is swept while the mutator is stopped. This builds an inline, singly-linked freelist of all newly-dead and previously-free entries. 5. When allocating an entry from the table, the first entry on the freelist is used. If the freelist is empty, the table grows, populating the freelist with the new entries. 6. Every newly-allocated entry is marked as alive, and every store to an existing entry also automatically marks that entry as alive (by also setting the MSB). This simplifies the design of the table GC with regards to concurrency (See ExternalPointerTable::Mark). Bug: v8:10391 Change-Id: I8877fdf5576af3761bde65298951bb09e601bd14 Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3359625Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Reviewed-by:
Maya Lekova <mslekova@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Commit-Queue: Samuel Groß <saelo@chromium.org> Cr-Commit-Position: refs/heads/main@{#78708}
-
- 18 Jan, 2022 1 commit
-
-
Joyee Cheung authored
Previously, StoreOwnIC incorrectly reuses the [[Set]] semantics when initializing public literal class fields and object literals in certain cases (e.g. when there's no feedback). This was less of an issue for object literals, but with public class fields it's possible to define property attributes while the instance is still being initialized, or to encounter existing static "name" or "length" properties that should be readonly. This patch fixes it by 1) Emitting code that calls into the slow stub when handling StoreOwnIC with existing read-only properties. 2) Adding extra steps in StoreIC::Store to handle such stores properly with [[DefineOwnProperty]] semantics. Bug: v8:12421, v8:9888 Change-Id: I6547320a1caba58c66ee1043cd3183a2de7cefef Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300092Reviewed-by:
Shu-yu Guo <syg@chromium.org> Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Commit-Queue: Joyee Cheung <joyee@igalia.com> Cr-Commit-Position: refs/heads/main@{#78659}
-
- 15 Dec, 2021 2 commits
-
-
Samuel Groß authored
This CL renames a number of things related to the V8 sandbox. Mainly, what used to be under V8_HEAP_SANDBOX is now under V8_SANDBOXED_EXTERNAL_POINTERS, while the previous V8 VirtualMemoryCage is now simply the V8 Sandbox: V8_VIRTUAL_MEMORY_CAGE => V8_SANDBOX V8_HEAP_SANDBOX => V8_SANDBOXED_EXTERNAL_POINTERS V8_CAGED_POINTERS => V8_SANDBOXED_POINTERS V8VirtualMemoryCage => Sandbox CagedPointer => SandboxedPointer fake cage => partially reserved sandbox src/security => src/sandbox This naming scheme should simplify things: the sandbox is now the large region of virtual address space inside which V8 mainly operates and which should be considered untrusted. Mechanisms like sandboxed pointers are then used to attempt to prevent escapes from the sandbox (i.e. corruption of memory outside of it). Furthermore, the new naming scheme avoids the confusion with the various other "cages" in V8, in particular, the VirtualMemoryCage class, by dropping that name entirely. Future sandbox features are developed under their own V8_SANDBOX_X flag, and will, once final, be merged into V8_SANDBOX. Current future features are sandboxed external pointers (using the external pointer table), and sandboxed pointers (pointers guaranteed to point into the sandbox, e.g. because they are encoded as offsets). This CL then also introduces a new build flag, v8_enable_sandbox_future, which enables all future features. Bug: v8:10391 Change-Id: I5174ea8f5ab40fb96a04af10853da735ad775c96 Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3322981Reviewed-by:
Hannes Payer <hpayer@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Reviewed-by:
Michael Achenbach <machenbach@chromium.org> Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Commit-Queue: Samuel Groß <saelo@chromium.org> Cr-Commit-Position: refs/heads/main@{#78384}
-
Benedikt Meurer authored
This is the final change list in the list of refactorings to split off the implementations of v8::StackFrame and CallSite objects (as used by the V8 JavaScript stack API). See https://bit.ly/v8-stack-frame for the whole story. This CL adds the v8::internal::StackFrameInfo class as new backing implementation of v8::StackFrame, and puts it into debug-objects.tq to indicate that it's used for the debugger API only. This new class is lightweight and only holds on to static information about the stack frame, and is thus usable for the V8 inspector to implement async stack traces in a cheaper manner going forward. Doc: https://bit.ly/v8-stack-frame Bug: chromium:1258599, chromium:1278650 Fixed: chromium:1278647 Change-Id: I4dbf2d850f47797263af225895129499169aad02 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3302794 Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by:
Dominik Inführ <dinfuehr@chromium.org> Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/main@{#78382}
-
- 14 Dec, 2021 1 commit
-
-
Benedikt Meurer authored
This is the second step in the refactoring to make v8::StackFrame more lightweight and usable for (long time storage) by the V8 inspector (see https://bit.ly/v8-stack-frame for an overview). This is a purely mechanical change without any functional aspects. The intention is to make the use case for the CallSiteInfo objects clear, namely to serve as the backing store for the CallSite objects exposed via the Error.prepareStackTrace() API and used under the hood to implement the error.stack accessor. Doc: https://bit.ly/v8-stack-frame Bug: chromium:1258599, chromium:1278647, chromium:1278650 Change-Id: I39dffd1f1a8e5158ddc56f2a0a2b1b28321f487a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300138Reviewed-by:
Thibaud Michaud <thibaudm@chromium.org> Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Reviewed-by:
Maya Lekova <mslekova@chromium.org> Reviewed-by:
Simon Zünd <szuend@chromium.org> Reviewed-by:
Dominik Inführ <dinfuehr@chromium.org> Commit-Queue: Benedikt Meurer <bmeurer@chromium.org> Cr-Commit-Position: refs/heads/main@{#78361}
-
- 08 Dec, 2021 1 commit
-
-
Shu-yu Guo authored
This method has no users in this CL and is a pre-requisite for shared strings. Bug: v8:12007 Change-Id: Id8eaf58aa8bb3092c710279c0c9ae0eda5581284 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3321564Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/main@{#78312}
-
- 02 Dec, 2021 1 commit
-
-
Samuel Groß authored
This CL turns references to ArrayBuffer backing stores from JSArrayBuffers, JSTypedArrays, and JSDataViews into CagedPointers when those are enabled. CagedPointers cannot generally represent nullptr, as NULL usually lies outside the cage. As such, nullptr backing stores are replaced with a special empty backing store value, which, in the current implementation, points to the end of the cage, right in front of the trailing guard regions. Due to this, it is no longer correct to compare a backing store pointer against nullptr. Bug: chromium:1218005 Change-Id: I4a6c7a82aabb4debcb6bb2babe4035ba2da8e79f Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3244419 Commit-Queue: Samuel Groß <saelo@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#78218}
-
- 05 Nov, 2021 1 commit
-
-
Thibaud Michaud authored
R=ahaas@chromium.org Bug: v8:12191 Change-Id: I15a5507a7dd0f02a3bbe9d3ce200206adf4d4539 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3231075 Commit-Queue: Thibaud Michaud <thibaudm@chromium.org> Reviewed-by:
Andreas Haas <ahaas@chromium.org> Reviewed-by:
Dominik Inführ <dinfuehr@chromium.org> Cr-Commit-Position: refs/heads/main@{#77734}
-
- 29 Oct, 2021 1 commit
-
-
Samuel Groß authored
A CagedPointer is guaranteed to point into the Virtual Memory Cage and will for example be used for ArrayBuffer backing stores when the heap sandbox is enabled. In the current implementation, CagedPointers are stored as offsets from the cage base, shifted to the left. Because the cage base address is usually available in a register, accessing a CagedPointer is very efficient, requiring only an additional shift and add operation. Bug: chromium:1218005 Change-Id: Ifc8c088e3862400672051a8c52840514dee2911f Cq-Include-Trybots: luci.v8.try:v8_linux64_heap_sandbox_dbg_ng,v8_linux_arm64_sim_heap_sandbox_dbg_ng Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3123417Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Reviewed-by:
Igor Sheludko <ishell@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Commit-Queue: Samuel Groß <saelo@chromium.org> Cr-Commit-Position: refs/heads/main@{#77614}
-
- 08 Oct, 2021 2 commits
-
-
Shu-yu Guo authored
To prepare for prototyping shared memory features, all internalized and in-place internalizable (1- and 2-byte seq strings and external strings) will always be allocated in the shared old space. Cons strings, thin strings, and sliced strings remain allocated in the thread-local space. They are copied over to the shared space when internalized, as internalization implies flattening, which for these strings requires a copy already. To make the in-place internalization threadsafe, updating the map of such strings is now done with a release store. This CL does not yet support external strings. Bug: v8:12007 Change-Id: I982c35c5120bf4c0c70c5294ce011b47430414c8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3140784 Commit-Queue: Shu-yu Guo <syg@chromium.org> Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Reviewed-by:
Dominik Inführ <dinfuehr@chromium.org> Reviewed-by:
Camillo Bruni <cbruni@chromium.org> Cr-Commit-Position: refs/heads/main@{#77308}
-
Frank Tang authored
This is a reland of 0adc1410 1. Fork out test/mjsunit/temporal/function-exist.js test to test/mjsunit/temporal/function-exist-no-i18n.js and mark function-exist FAIL in no_i18n build. Original change's description: > [Temporal] Part 1 - Skeleton > > 1. Expose all the functions to empty buildins. > 2. Wire up basic structure of classes and internal slots. > > Design Doc: https://docs.google.com/document/d/1Huu2OUlmveBh4wjgx0D7ouC9O9vSdiZWaRK3OwkQZU0/ > > This is just a CL to establish a skeleton for Temporal. > The Temporal is very big. The prototype CL is in > https://chromium-review.googlesource.com/c/v8/v8/+/2967755 > but too big to be reviewed so I break up the basic structure here first. > > Cq-Include-Trybots: luci.v8.try:v8_linux64_bazel > Bug: v8:11544 > Change-Id: I10d09e3c2530e5b1a6ba60014a2294e138879ff3 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3092561 > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> > Reviewed-by: Shu-yu Guo <syg@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Commit-Queue: Frank Tang <ftang@chromium.org> > Cr-Commit-Position: refs/heads/main@{#76819} Bug: v8:11544 Change-Id: I60eaface94ba9b3408cb235cd1ae425151a36732 Cq-Include-Trybots: luci.v8.try:v8_linux64_bazel Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3160324Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/main@{#77303}
-
- 06 Oct, 2021 1 commit
-
-
Igor Sheludko authored
... capable of computing the forwarding pointer for objects allocated outside of the main pointer compression cage. Drive-by: hoist computation of pointer compression cage base out of certain loops in GC code. Bug: v8:11880 Change-Id: I23efdffd1a237d9eedd0e2975e8e40811417ef31 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3204968Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#77244}
-
- 29 Sep, 2021 1 commit
-
-
Seth Brenith authored
I'm trying to remove annotations and make behavior more consistent. For @generatePrint, there are two options: either generate printers for every extern class, or never generate printers for extern classes. This change implements the option of always generating printers. Classes that require custom printing can easily hide the generated printer by using DECL_PRINTER. This causes the generated file gen/torque-generated/objects-printer.cc to grow to 1600 lines, including many functions that are never used, but I think the consistency benefit outweighs a little more compilation time on one file. This change also removes custom printers in cases where the generated printer includes all of the same content. If folks would prefer the option to never generate printers, I'm open to doing that instead. I like the notion that generating more code could reduce the friction of adding new classes and thereby encourage people to define precise types rather than using FixedArrays, but the current implementation of generated printers is limited, and many printers have been customized to show the data that matters the most. Unlike verifiers and body descriptors, there are no correctness or safety concerns with hand-written printers. Some bugs showed up once we start generating printers for everything, and this change fixes them: - Printers incorrectly included ungettable fields like padding - Printers called getters which might be hidden by hand-written classes - The generated getter for Map::instance_type used ReadField<InstanceType>, which is not an arithmetic type since it's an enum One more tiny drive-by fix: added a missing newline in the printers for JSMap and JSSet. Bug: v8:7793 Change-Id: Ib9e9575fbcb57879935ff18bf4db49fe276d2966 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3172190Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Commit-Queue: Seth Brenith <seth.brenith@microsoft.com> Cr-Commit-Position: refs/heads/main@{#77152}
-
- 14 Sep, 2021 2 commits
-
-
Deepti Gandluri authored
This reverts commit 0adc1410. Reason for revert: Reverting due to fail on V8 Linux - noi18n - debug https://logs.chromium.org/logs/v8/buildbucket/cr-buildbucket/8836095186331011153/+/u/Check_-_default/function-exist Original change's description: > [Temporal] Part 1 - Skeleton > > 1. Expose all the functions to empty buildins. > 2. Wire up basic structure of classes and internal slots. > > Design Doc: https://docs.google.com/document/d/1Huu2OUlmveBh4wjgx0D7ouC9O9vSdiZWaRK3OwkQZU0/ > > This is just a CL to establish a skeleton for Temporal. > The Temporal is very big. The prototype CL is in > https://chromium-review.googlesource.com/c/v8/v8/+/2967755 > but too big to be reviewed so I break up the basic structure here first. > > Cq-Include-Trybots: luci.v8.try:v8_linux64_bazel > Bug: v8:11544 > Change-Id: I10d09e3c2530e5b1a6ba60014a2294e138879ff3 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3092561 > Reviewed-by: Nico Hartmann <nicohartmann@chromium.org> > Reviewed-by: Shu-yu Guo <syg@chromium.org> > Reviewed-by: Jakob Gruber <jgruber@chromium.org> > Commit-Queue: Frank Tang <ftang@chromium.org> > Cr-Commit-Position: refs/heads/main@{#76819} Bug: v8:11544 Change-Id: I358f671452a986c8e87d1f831ab5eb1550a38441 Cq-Include-Trybots: luci.v8.try:v8_linux64_bazel No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3160467 Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Commit-Queue: Deepti Gandluri <gdeepti@chromium.org> Auto-Submit: Deepti Gandluri <gdeepti@chromium.org> Owners-Override: Deepti Gandluri <gdeepti@chromium.org> Cr-Commit-Position: refs/heads/main@{#76821}
-
Frank Tang authored
1. Expose all the functions to empty buildins. 2. Wire up basic structure of classes and internal slots. Design Doc: https://docs.google.com/document/d/1Huu2OUlmveBh4wjgx0D7ouC9O9vSdiZWaRK3OwkQZU0/ This is just a CL to establish a skeleton for Temporal. The Temporal is very big. The prototype CL is in https://chromium-review.googlesource.com/c/v8/v8/+/2967755 but too big to be reviewed so I break up the basic structure here first. Cq-Include-Trybots: luci.v8.try:v8_linux64_bazel Bug: v8:11544 Change-Id: I10d09e3c2530e5b1a6ba60014a2294e138879ff3 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3092561Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Reviewed-by:
Shu-yu Guo <syg@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Commit-Queue: Frank Tang <ftang@chromium.org> Cr-Commit-Position: refs/heads/main@{#76819}
-
- 24 Aug, 2021 1 commit
-
-
Dan Elphick authored
This is a reland of d1b27019 Fixes include: Adding missing file to bazel build Forward-declaring classing before friend-classing them to fix win/gcc Add missing v8-isolate.h include for vtune builds Original change's description: > [include] Split out v8.h > > This moves every single class/function out of include/v8.h into a > separate header in include/, which v8.h then includes so that > externally nothing appears to have changed. > > Every include of v8.h from inside v8 has been changed to a more > fine-grained include. > > Previously inline functions defined at the bottom of v8.h would call > private non-inline functions in the V8 class. Since that class is now > in v8-initialization.h and is rarely included (as that would create > dependency cycles), this is not possible and so those methods have been > moved out of the V8 class into the namespace v8::api_internal. > > None of the previous files in include/ now #include v8.h, which means > if embedders were relying on this transitive dependency then it will > give compile failures. > > v8-inspector.h does depend on v8-scripts.h for the time being to ensure > that Chrome continue to compile but that change will be reverted once > those transitive #includes in chrome are changed to include it directly. > > Full design: > https://docs.google.com/document/d/1rTD--I8hCAr-Rho1WTumZzFKaDpEp0IJ8ejZtk4nJdA/edit?usp=sharing > > Bug: v8:11965 > Change-Id: I53b84b29581632710edc80eb11f819c2097a2877 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097448 > Reviewed-by: Yang Guo <yangguo@chromium.org> > Reviewed-by: Camillo Bruni <cbruni@chromium.org> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> > Reviewed-by: Leszek Swirski <leszeks@chromium.org> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Commit-Queue: Dan Elphick <delphick@chromium.org> > Cr-Commit-Position: refs/heads/main@{#76424} Cq-Include-Trybots: luci.v8.try:v8_linux_vtunejit Bug: v8:11965 Change-Id: I99f5d3a73bf8fe25b650adfaf9567dc4e44a09e6 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3113629Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Camillo Bruni <cbruni@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Reviewed-by:
Simon Zünd <szuend@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/main@{#76460}
-
- 23 Aug, 2021 2 commits
-
-
Dan Elphick authored
This reverts commit d1b27019. Reason for revert: Broke vtune build, tsan build and possibly others Original change's description: > [include] Split out v8.h > > This moves every single class/function out of include/v8.h into a > separate header in include/, which v8.h then includes so that > externally nothing appears to have changed. > > Every include of v8.h from inside v8 has been changed to a more > fine-grained include. > > Previously inline functions defined at the bottom of v8.h would call > private non-inline functions in the V8 class. Since that class is now > in v8-initialization.h and is rarely included (as that would create > dependency cycles), this is not possible and so those methods have been > moved out of the V8 class into the namespace v8::api_internal. > > None of the previous files in include/ now #include v8.h, which means > if embedders were relying on this transitive dependency then it will > give compile failures. > > v8-inspector.h does depend on v8-scripts.h for the time being to ensure > that Chrome continue to compile but that change will be reverted once > those transitive #includes in chrome are changed to include it directly. > > Full design: > https://docs.google.com/document/d/1rTD--I8hCAr-Rho1WTumZzFKaDpEp0IJ8ejZtk4nJdA/edit?usp=sharing > > Bug: v8:11965 > Change-Id: I53b84b29581632710edc80eb11f819c2097a2877 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097448 > Reviewed-by: Yang Guo <yangguo@chromium.org> > Reviewed-by: Camillo Bruni <cbruni@chromium.org> > Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> > Reviewed-by: Leszek Swirski <leszeks@chromium.org> > Reviewed-by: Michael Lippautz <mlippautz@chromium.org> > Commit-Queue: Dan Elphick <delphick@chromium.org> > Cr-Commit-Position: refs/heads/main@{#76424} Bug: v8:11965 Change-Id: Id57313ae992e720c8b19abc975cd69729e1344aa No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3113627 Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Commit-Queue: Leszek Swirski <leszeks@chromium.org> Owners-Override: Leszek Swirski <leszeks@chromium.org> Cr-Commit-Position: refs/heads/main@{#76428}
-
Dan Elphick authored
This moves every single class/function out of include/v8.h into a separate header in include/, which v8.h then includes so that externally nothing appears to have changed. Every include of v8.h from inside v8 has been changed to a more fine-grained include. Previously inline functions defined at the bottom of v8.h would call private non-inline functions in the V8 class. Since that class is now in v8-initialization.h and is rarely included (as that would create dependency cycles), this is not possible and so those methods have been moved out of the V8 class into the namespace v8::api_internal. None of the previous files in include/ now #include v8.h, which means if embedders were relying on this transitive dependency then it will give compile failures. v8-inspector.h does depend on v8-scripts.h for the time being to ensure that Chrome continue to compile but that change will be reverted once those transitive #includes in chrome are changed to include it directly. Full design: https://docs.google.com/document/d/1rTD--I8hCAr-Rho1WTumZzFKaDpEp0IJ8ejZtk4nJdA/edit?usp=sharing Bug: v8:11965 Change-Id: I53b84b29581632710edc80eb11f819c2097a2877 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3097448Reviewed-by:
Yang Guo <yangguo@chromium.org> Reviewed-by:
Camillo Bruni <cbruni@chromium.org> Reviewed-by:
Jakob Kummerow <jkummerow@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Dan Elphick <delphick@chromium.org> Cr-Commit-Position: refs/heads/main@{#76424}
-
- 30 Jul, 2021 1 commit
-
-
Paolo Severini authored
Rename CopyAndConvertArrayToCppBuffer as TryCopyAndConvertArrayToCppBuffer and implement type specialization for int32_t and double in order to speed up V8 bindings with sequences. This API is used by Blink code, for example see https://chromium-review.googlesource.com/c/chromium/src/+/3027405. Bug: v8:11739 Change-Id: I026a7f5e7833fb1afcc2ea9c296b66c7f733cbb1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3036407 Commit-Queue: Paolo Severini <paolosev@microsoft.com> Reviewed-by:
Camillo Bruni <cbruni@chromium.org> Reviewed-by:
Maya Lekova <mslekova@chromium.org> Cr-Commit-Position: refs/heads/master@{#76016}
-
- 29 Jul, 2021 1 commit
-
-
Thibaud Michaud authored
The JS API constructor was renamed to "WebAssembly.Tag" to match the spec: https://github.com/WebAssembly/exception-handling/issues/159 Rename "exception" to "tag" throughout the codebase for consistency with the JS API, and to match the spec terminology (e.g. "tag section"). R=clemensb@chromium.org,nicohartmann@chromium.org Bug: v8:11992 Change-Id: I63f9f3101abfeefd49117461bd59c594ca5dab70 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3053583Reviewed-by:
Clemens Backes <clemensb@chromium.org> Reviewed-by:
Nico Hartmann <nicohartmann@chromium.org> Commit-Queue: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#75994}
-
- 13 Jul, 2021 1 commit
-
-
Mike Stanton authored
Added a parameter to Object::FitsRepresentation() to disallow coercion. Normally, when we ask if a Smi can "fit" into a Double representation we'd answer yes, because the Smi can be converted to a HeapNumber. However, from the compilers perspective, the object is found in a field with a particular representation. In this case, finding a Smi in a field with representation Double means something is awry. Therefore, it's useful for the compiler to be able to ask if the object fits the field without coercion. Bug: chromium:1227324, v8:7790 Change-Id: I12033736030d904ef9c29516c07999600a5f508a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3015570 Commit-Queue: Michael Stanton <mvstanton@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Cr-Commit-Position: refs/heads/master@{#75706}
-
- 08 Jul, 2021 2 commits
-
-
Patrick Thier authored
This is a reland of 819c3ae2 Original change's description: > Reland "Reland "Improve error messages for property access on null/undefined"" > > This is a reland of 8b18c5e6 > > Original change's description: > > Reland "Improve error messages for property access on null/undefined" > > > > This is a reland of 24c626c1 > > > > Original change's description: > > > Improve error messages for property access on null/undefined > > > > > > Only print the property name when accessing null/undefined if we can > > > convert it to a string without causing side effects. > > > If we can't, omit the property name in the error message. > > > This should avoid confusion when the key is an object with toString(). > > > E.g. undefined[{toString:()=>'a'}] doesn't print 'read property [object > > > Object]' anymore, which was misleading since the property accessed would > > > be 'a', but we can't evaluate the key without side effects. > > > > > > Bug: v8:11365 > > > Change-Id: If82d1adb42561d4851e2bd2ca297a1c71738aee8 > > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960211 > > > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > > > Commit-Queue: Patrick Thier <pthier@chromium.org> > > > Cr-Commit-Position: refs/heads/master@{#75250} > > > > Bug: v8:11365 > > Change-Id: Ie2312337f4f1915faa31528a728d90833d80dbd1 > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979599 > > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > > Commit-Queue: Patrick Thier <pthier@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#75571} > > Bug: v8:11365 > Change-Id: I90360641ecd870bd93247aa6d91dfb0ad049cfb8 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3008219 > Auto-Submit: Patrick Thier <pthier@chromium.org> > Commit-Queue: Toon Verwaest <verwaest@chromium.org> > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Cr-Commit-Position: refs/heads/master@{#75604} Bug: v8:11365 Change-Id: I002b537144f328ccbbdcd655e26e5dc87c49c6f5 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3013935Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Commit-Queue: Patrick Thier <pthier@chromium.org> Cr-Commit-Position: refs/heads/master@{#75645}
-
Leszek Swirski authored
This reverts commit 819c3ae2. Reason for revert: Sorry Patrick, still failing on some layout tests :( https://test-results.appspot.com/data/layout_results/mac-rel/726365/blink_web_tests%20%28retry%20shards%20with%20patch%29/layout-test-results/results.html Original change's description: > Reland "Reland "Improve error messages for property access on null/undefined"" > > This is a reland of 8b18c5e6 > > Original change's description: > > Reland "Improve error messages for property access on null/undefined" > > > > This is a reland of 24c626c1 > > > > Original change's description: > > > Improve error messages for property access on null/undefined > > > > > > Only print the property name when accessing null/undefined if we can > > > convert it to a string without causing side effects. > > > If we can't, omit the property name in the error message. > > > This should avoid confusion when the key is an object with toString(). > > > E.g. undefined[{toString:()=>'a'}] doesn't print 'read property [object > > > Object]' anymore, which was misleading since the property accessed would > > > be 'a', but we can't evaluate the key without side effects. > > > > > > Bug: v8:11365 > > > Change-Id: If82d1adb42561d4851e2bd2ca297a1c71738aee8 > > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960211 > > > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > > > Commit-Queue: Patrick Thier <pthier@chromium.org> > > > Cr-Commit-Position: refs/heads/master@{#75250} > > > > Bug: v8:11365 > > Change-Id: Ie2312337f4f1915faa31528a728d90833d80dbd1 > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979599 > > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > > Commit-Queue: Patrick Thier <pthier@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#75571} > > Bug: v8:11365 > Change-Id: I90360641ecd870bd93247aa6d91dfb0ad049cfb8 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3008219 > Auto-Submit: Patrick Thier <pthier@chromium.org> > Commit-Queue: Toon Verwaest <verwaest@chromium.org> > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Cr-Commit-Position: refs/heads/master@{#75604} Bug: v8:11365 Change-Id: I7d7c0f201288384c2aa38a51418b582a64213ae0 No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3013352 Auto-Submit: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#75626}
-
- 07 Jul, 2021 1 commit
-
-
Patrick Thier authored
This is a reland of 8b18c5e6 Original change's description: > Reland "Improve error messages for property access on null/undefined" > > This is a reland of 24c626c1 > > Original change's description: > > Improve error messages for property access on null/undefined > > > > Only print the property name when accessing null/undefined if we can > > convert it to a string without causing side effects. > > If we can't, omit the property name in the error message. > > This should avoid confusion when the key is an object with toString(). > > E.g. undefined[{toString:()=>'a'}] doesn't print 'read property [object > > Object]' anymore, which was misleading since the property accessed would > > be 'a', but we can't evaluate the key without side effects. > > > > Bug: v8:11365 > > Change-Id: If82d1adb42561d4851e2bd2ca297a1c71738aee8 > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960211 > > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > > Commit-Queue: Patrick Thier <pthier@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#75250} > > Bug: v8:11365 > Change-Id: Ie2312337f4f1915faa31528a728d90833d80dbd1 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979599 > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Commit-Queue: Patrick Thier <pthier@chromium.org> > Cr-Commit-Position: refs/heads/master@{#75571} Bug: v8:11365 Change-Id: I90360641ecd870bd93247aa6d91dfb0ad049cfb8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3008219 Auto-Submit: Patrick Thier <pthier@chromium.org> Commit-Queue: Toon Verwaest <verwaest@chromium.org> Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#75604}
-
- 06 Jul, 2021 2 commits
-
-
Leszek Swirski authored
This reverts commit 8b18c5e6. Reason for revert: Still failing: https://test-results.appspot.com/data/layout_results/V8_Blink_Linux/12469/blink_web_tests%20%28retry%20shards%20with%20patch%29/layout-test-results/results.html Original change's description: > Reland "Improve error messages for property access on null/undefined" > > This is a reland of 24c626c1 > > Original change's description: > > Improve error messages for property access on null/undefined > > > > Only print the property name when accessing null/undefined if we can > > convert it to a string without causing side effects. > > If we can't, omit the property name in the error message. > > This should avoid confusion when the key is an object with toString(). > > E.g. undefined[{toString:()=>'a'}] doesn't print 'read property [object > > Object]' anymore, which was misleading since the property accessed would > > be 'a', but we can't evaluate the key without side effects. > > > > Bug: v8:11365 > > Change-Id: If82d1adb42561d4851e2bd2ca297a1c71738aee8 > > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960211 > > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > > Commit-Queue: Patrick Thier <pthier@chromium.org> > > Cr-Commit-Position: refs/heads/master@{#75250} > > Bug: v8:11365 > Change-Id: Ie2312337f4f1915faa31528a728d90833d80dbd1 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979599 > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Commit-Queue: Patrick Thier <pthier@chromium.org> > Cr-Commit-Position: refs/heads/master@{#75571} Bug: v8:11365 Change-Id: Ic4137f0d70fa9b10ca70fa921b98ea7e1499f11b No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3008217 Auto-Submit: Leszek Swirski <leszeks@chromium.org> Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Cr-Commit-Position: refs/heads/master@{#75577}
-
Patrick Thier authored
This is a reland of 24c626c1 Original change's description: > Improve error messages for property access on null/undefined > > Only print the property name when accessing null/undefined if we can > convert it to a string without causing side effects. > If we can't, omit the property name in the error message. > This should avoid confusion when the key is an object with toString(). > E.g. undefined[{toString:()=>'a'}] doesn't print 'read property [object > Object]' anymore, which was misleading since the property accessed would > be 'a', but we can't evaluate the key without side effects. > > Bug: v8:11365 > Change-Id: If82d1adb42561d4851e2bd2ca297a1c71738aee8 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960211 > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Commit-Queue: Patrick Thier <pthier@chromium.org> > Cr-Commit-Position: refs/heads/master@{#75250} Bug: v8:11365 Change-Id: Ie2312337f4f1915faa31528a728d90833d80dbd1 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2979599Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Commit-Queue: Patrick Thier <pthier@chromium.org> Cr-Commit-Position: refs/heads/master@{#75571}
-
- 21 Jun, 2021 2 commits
-
-
Bill Budge authored
This reverts commit 24c626c1. Reason for revert: Blocks V8 roll into Chromium (changed error messages cause tests to fail): https://ci.chromium.org/p/chromium/builders/try/linux-rel/724109? Original change's description: > Improve error messages for property access on null/undefined > > Only print the property name when accessing null/undefined if we can > convert it to a string without causing side effects. > If we can't, omit the property name in the error message. > This should avoid confusion when the key is an object with toString(). > E.g. undefined[{toString:()=>'a'}] doesn't print 'read property [object > Object]' anymore, which was misleading since the property accessed would > be 'a', but we can't evaluate the key without side effects. > > Bug: v8:11365 > Change-Id: If82d1adb42561d4851e2bd2ca297a1c71738aee8 > Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960211 > Reviewed-by: Toon Verwaest <verwaest@chromium.org> > Commit-Queue: Patrick Thier <pthier@chromium.org> > Cr-Commit-Position: refs/heads/master@{#75250} Bug: v8:11365 Change-Id: Ic63f34033254f55b3871041633d84ea48586a75d Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2977374 Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Commit-Queue: Deepti Gandluri <gdeepti@chromium.org> Commit-Queue: Bill Budge <bbudge@chromium.org> Reviewed-by:
Bill Budge <bbudge@chromium.org> Cr-Commit-Position: refs/heads/master@{#75282}
-
Igor Sheludko authored
When v8_enable_external_code_space is enabled the Code objects are allowed only - in CodeDataContainer::code field - as uncompressed values embedded in Code instruction streams Bug: v8:11880 Change-Id: I080a678fd77a7e42c6a397e7145a640fd07d6e83 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2969828Reviewed-by:
Michael Lippautz <mlippautz@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/master@{#75275}
-
- 18 Jun, 2021 1 commit
-
-
Patrick Thier authored
Only print the property name when accessing null/undefined if we can convert it to a string without causing side effects. If we can't, omit the property name in the error message. This should avoid confusion when the key is an object with toString(). E.g. undefined[{toString:()=>'a'}] doesn't print 'read property [object Object]' anymore, which was misleading since the property accessed would be 'a', but we can't evaluate the key without side effects. Bug: v8:11365 Change-Id: If82d1adb42561d4851e2bd2ca297a1c71738aee8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2960211Reviewed-by:
Toon Verwaest <verwaest@chromium.org> Commit-Queue: Patrick Thier <pthier@chromium.org> Cr-Commit-Position: refs/heads/master@{#75250}
-
- 17 Jun, 2021 1 commit
-
-
Igor Sheludko authored
This CL adds - CodeT type - an alias for CodeDataContainer or Code depending on whether the v8_enable_external_code_space is enabled or not, - a set of conversion functions from CodeT to Code or CodeDataContainer and back (both in C++ and CodeStubAssembler), - masm support for calling/tailcalling via CallDataContainer which contain the code entry point address, - masm support for calling/tailcalling via CodeT. Bug: v8:11880 Change-Id: Ib36f4c6db69ec49aaea29412647e59ada95da19b Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2967463 Commit-Queue: Igor Sheludko <ishell@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#75207}
-
- 16 Jun, 2021 1 commit
-
-
Mike Stanton authored
In heap-refs.cc, GetOwnFastDataPropertyFromHeap() bottlenecks reading a fast property. To make it safe to use from the background thread we need to verify the object didn't shrink, and risk an out of heap bounds read. Bug: v8:7790 Change-Id: Idebbe0ffea089bf2a70aa7d611618430169082fd Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2928185Reviewed-by:
Dominik Inführ <dinfuehr@chromium.org> Reviewed-by:
Leszek Swirski <leszeks@chromium.org> Reviewed-by:
Jakob Gruber <jgruber@chromium.org> Reviewed-by:
Georg Neis <neis@chromium.org> Commit-Queue: Michael Stanton <mvstanton@chromium.org> Cr-Commit-Position: refs/heads/master@{#75186}
-